Incident report on malicious takeover of ctx package on PyPI has been published.
Read details, mitigation, analysis, and more at https://t.co/I7plHeqwbj
Dependency-Track v4.5.0 now available.
This release adds support for exploit prediction (EPSS), VEX, non-public vulnerabilities, and much more.
https://t.co/Jl6g80flqc
#SBOM#SaaSBOM#VEX#OWASP#CycloneDX
This release is pretty epic. A real game changer for organisations consuming SBOMs. Thank you @stevespringett, @nscur0, and all the contributors. #sbom
Don’t know where to start to learn more about supply chain security?
Good news! We created a Software Supply Chain Reading List
Get it 📚
https://t.co/y6ys3uIWf8
Introducing Open Source Insights data in BigQuery to help secure software supply chains @googlecloud https://t.co/hIucTodVhs "This dataset provides access to critical software supply chain information for developers, maintainers and consumers of open-source software."
The 5×5—Reflections on trusting trust: Securing software supply chains https://t.co/IsK0klFxUv "It is like we built a digital Manhattan on a foundation of quicksand and swamps"
The Cybersecurity Coalition group has published its SBOM position paper! Check it out here. It talks about factors such as gaps in the ability to distribute and automate consumption of SBOMs, and open questions around what does SBOM mean in the cloud?
https://t.co/Dy0v0jRONF
@snyksec Tnx for your excellent analysis at https://t.co/UoshhgaDgx and don't worry, the "malicious actor" is one of our interns 😎 who was tasked to research dependency confusion as part of our continuous attack simulations for clients. (1/2)